Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF JUNE 20, 2007 FBO #2032
MODIFICATION

D -- WEPS Consultant Services

Notice Date
6/18/2007
 
Notice Type
Modification
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of the Treasury, Comptroller of the Currency (OCC), Acquisition Management (AQM), 250 E Street, SW Mail Stop 4-13, Washington, DC, 20219, UNITED STATES
 
ZIP Code
00000
 
Solicitation Number
CC-07-HQ-Q-0064
 
Response Due
6/27/2007
 
Archive Date
7/12/2007
 
Point of Contact
Stephanie Gorski, Acquisition Specialist, Phone 202-874-4639, - Edwin Davis, Contracting Specialist, Phone 202 874-5144,
 
E-Mail Address
stephanie.gorski@occ.treas.gov, edwin.davis@occ.treas.gov
 
Small Business Set-Aside
Total Small Business
 
Description
The OCC intends for the period of performance to run from date of award through December 31, 2007. The following OCC clauses apply and are hereby provided in full text: 52.204-9 PERSONAL IDENTITY VERIFICATION OF CONTRACTOR PERSONNEL (NOV 2006) (a) The Contractor shall comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24, as amended, and Federal Information Processing Standards Publication (FIPS PUB) Number 201, as amended. (b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have routine physical access to a Federally-controlled facility and/or routine access to a Federally-controlled information system. [End of Clause] 1052.245-70(OCC) SECURITY INVESTIGATIONS (MAR 1998) The OCC shall have the right under the contract to require any Contractor personnel (including, but not limited to, advisors or consultants to the contractor, subcontractors or their personnel, or any other persons under the auspices of the contractor) having access to OCC facilities, information systems, security items and products, and/or sensitive but unclassified information to undergo a security investigation. The type of investigation conducted shall be determined by the OCC and will depend upon several factors including, but not limited to, the duration of the contract, the kind of access the personnel will have, the sensitivity of the duties the personnel will perform, and whether adequate investigations have previously been done. Investigations can range from credit and fingerprint checks to full background reviews. Within 14 calendar days after contract award, the Contractor shall provide the Contracting Officer's Technical Representative (COTR) with such information and documentation as may be required by the OCC to have an investigation performed. Under no circumstances shall contractor employees be given access to OCC facilities, information systems, security items and products, and/or sensitive but unclassified information until the required security forms have been completed and submitted to the Security Officer. The Contractor shall immediately replace, with equally qualified employee(s), any employee(s) whose security investigation does not result in a favorable adjudication. The OCC shall have the unilateral right to make security adjudication decisions. The Contractor shall immediately notify the COTR of any new Contractor employee that will need access to OCC facilities, information systems, security items and products, and/or sensitive but unclassified information. The OCC shall have the right to obtain a favorable security investigation on new Contractor employees prior to such employees beginning work for the OCC. For such employees, the Contractor shall provide the COTR with evidence of such information and documentation as may be required by the OCC to have any investigation performed. The cost for any investigations required under the contract will be borne by the Government. (End of Clause) 1052.245-71(OCC) CITIZENSHIP OR RESIDENCY REQUIREMENTS OF CONTRACTOR PERSONNEL (JUNE 1998) The Contractor shall ensure that all employees having unescorted access to OCC's facilities or access to information systems, security items, or sensitive but unclassified information shall be United States citizens or have lawful permanent resident status. (End of Clause) 1052.245-72(OCC) CONFIDENTIAL OR SENSITIVE INFORMATION (JUNE 1999) The Contractor agrees that the work to be performed and information released to the Contractor is, because of the proprietary and confidential nature of such information, sensitive in nature and is not to be disclosed to anyone other than OCC employees assigned to the contracted project and other Contractor personnel working on the project. The Contractor agrees to protect all confidential and/or proprietary information received by or provided to the Contractor pursuant to this contract from unauthorized disclosure or use for as long as the information remains proprietary or confidential and further agrees that it will not use such information for any purpose other than that relating to the performance of this contract. For purposes of the contract, all information provided to or received by the Contractor is deemed confidential and proprietary. The Contractor shall execute and is responsible for having all of its employees and agents working under this contract and/or having access to sensitive information under this contract execute a statement entitled "Conditional Access to Sensitive But Unclassified Information Non-Disclosure Agreement." This Statement, a copy of which is appended to this contract, provides that sensitive but unclassified information provided to the Contractor or its employees or agents shall not, except as permitted in connection with the performance of the contract, be further disclosed or used without the prior written approval of the Office of the Comptroller of the Currency. Executed copies of this statement must be completed and returned to the Office of the Comptroller of the Currency by a duly authorized official of the Contractor and by all Contractor employees or agents who will perform work on the Contract before their work begins. In the event that contractor fails to submit signed Agreements prior to beginning work, the effective date of any agreements received after work begins shall be the date of award. (End of Clause) (OCC) SECURITY PROVISIONS (MAY 2007) All contractor personnel having access to OCC systems and data must complete security awareness training on their responsibilities for protecting OCC information. Contractor personnel must provide evidence in the form of a completion certification to the COTR prior to receiving access to OCC information, systems or data. The Contractor agrees to protect all OCC sensitive but unclassified (SBU) and/or proprietary information received by or provided to the Contractor pursuant to this contract from unauthorized disclosure or use for as long as the information remains proprietary or SBU and further agrees that it will not use such information for any purpose other than that relating to the performance of this contract. For purposes of the contract, all information provided to or received by the Contractor is deemed SBU and proprietary. Any information deemed ?Sensitive but Unclassified? transmitted electronically between a contractor location and the OCC which does not utilize the OCC network e-mail, must be encrypted using Federal Information Processing Standard (FIPS) 140-2 (See OMB Memorandum M-06-16) during transmission. The Contractor?s security policies in effect as of the effective date of contract award will be incorporated by reference as a material part of the contract. The Contractor agrees to provide the OCC with at least thirty days written notice of any proposed changes to those policies. OCC shall have the right to review all technical standards and Certification and Accreditation documentation, including associated security testing and evaluation reports. OCC shall also have the right to conduct site visits at any time during the performance of this contract when the notice of a significant change or event is provided by the contractor to the OCC. The Contractor shall provide at least thirty calendar days advance notice of any proposed or planned changes to its security policies, site location, data storage location, technical standards, and vendor contract clauses dealing with the information security to the Contracting Officer (CO) and the Contracting Officer?s Technical Representative (COTR). The Contractor shall provide written notice to CO and COTR as soon as possible but in no event longer than thirty calendar days after receipt of any new audits or security Assessment, including Certification and Accreditation, or any incidents of information security compromise. If there is a breach of OCC sensitive information or data (e.g., Personally Identifiable Information), the Contractor shall provide verbal notification to the OCC?s Computer Incident Response Center at 202-874-9363 (or 309-691-300 after hours), within 1 hour of the breach. Written notification should be provided to the CO and COTR within twenty-four hours of the breach. The Contractor further agrees to cooperate with the OCC in any inquiry or investigation for any breach of OCC sensitive information data. Security safeguards employed under the contract can not be disclosed or published and if contractor is required to disclose the CO must be notified so that the OCC can either authorize or take steps to prevent disclosure. The contractor will be subject to any and all penalties imposed by law for unlawful disclosure of OCC information. The data categorization of all data created, processed, stored or transmitted will be considered FISMA Moderate for the term of this contract unless otherwise determined by the OCC Contracting Officer. The guidance for defining and implementing proper security controls for this level of data sensitivity are outlined in the following National Institute of Standards & Technology (NIST) publications Federal Information Processing Standard Publication (FIPS PUB) 199, Standards for Security Categorization of Federal Information and Information System; FIPS PUB 200, Minimum Security Requirements for Federal Information and Information System, and NIST SP 800-53, Recommended Security Controls for Federal Information Systems. The Contractor will be expected to adhere to and follow the guidelines outlined in SP 800-53 and 800-53A to ensure proper security controls are in place to protect OCC data. All contractor personnel working under this contract will be required to follow OCC information security policies outlined in, ? The OCC Information Security Program: Policies, Standards, and Required Controls?, as well as Department of the Treasury information security directive TDP 85-01, Section 2.15. ?End Users?. Violations of these policies will be addressed by the Contracting Officer. Any system developed for OCC must meet minimum security configurations, as required by the Federal Information Security Management Act (FISMA). The Contractor shall be responsible for Information Technology (IT) security for all systems connected to an OCC network or operated by the Contractor for OCC, regardless of location. This requirement includes information technology, hardware, software, and the management, operation, maintenance, programming, and system administration of computer systems, networks, and telecommunications systems. The Contractor must give the Government access to facilities, databases, etc., used during the contract. Contractor is to assume full liability for any loss/damage (except when loss/damage is beyond control and without fault/negligence) including cost of cleaning security breaches, lost productivity, etc. At the expiration of the contract, the contractor shall return to the COTR all sensitive OCC information which exists in both electronic and hard copy formats, and IT resources provided to the contractor during the contract. The OCC may conduct reviews to ensure that the security requirements in the contract are implemented and enforced. Retention of sensitive but unclassified materials by the contractor beyond the term of this contract is not authorized. The Contractor must request from the OCC contracting officer, at termination of this contract, disposition instructions for all sensitive but unclassified materials received or generated under this contract. When no longer required, this information, data, and/or equipment will be returned to OCC control. The Contractor will not remove sensitive but unclassified material from Federal Government sites without the express permission of the contracting officer or the COTR. Hard copies of SBU information shall be hand carried or mailed via courier to COTR or address prescribed in the delivery/task order. The contractor shall have written contingency plans, including, both disaster recovery and continuity of operation plans. Such plans shall include steps for promptly notifying the OCC of incidents, emergencies, and abnormal events. Such plans shall be reviewed and updated no less frequently than quarterly. If the contract requires work to be performed at the Contractor?s facility, all contractor personnel will be issued: OCC provisioned hardware (laptop or desktop), OCC network accounts; OCC Virtual Private Network (VPN) accounts and RSA tokens for dual factor authentication. The Contractor will be required to access the OCC network utilizing the VPN. Contractor facility or facilities where the work will be performed must meet all applicable state and local zoning, environmental, and building laws and regulations. The contractor facility must include protections against unauthorized access at all hours, including alarms and notification systems should such protections be breached.
 
Place of Performance
Address: 250 E Street SW, Washington, DC
Zip Code: 20219
Country: UNITED STATES
 
Record
SN01321786-W 20070620/070618221157 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.